It was discovered that the HotSpot JVM in OpenJDK did not properly handle methods in MethodHandles. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.